THE Turnbull Government’s response to the Census fail has left more questions than it has answers, as it flipflopped over vague technical explanations and even contradicting itself on whether the DDOS attack it announced this morning was even an attack.

Australian Census minster Michael McCormack insisted it was “not an attack”, just hours after ABS chief statistician David Kalisch declared it “an attack - it was quite clear it was malicious”.

Mr McCormack said the government shut down the site to avoid data being compromised. Yet A Denial of Service attack does not target data, it simply floods servers with incoming messages.

Prime Minister Malcolm Turnbull has reassured Australians their data is safe after the census was shut down due to cyber attacks. Picture: AAP/Mick TsikasSource:AAP

The government has also failed to explain why, if the reason for shutting down the servers was to stop a DDOS attack, why the servers continue to be down today.

The ABS this morning described it as a foreign attack, yet the ABS blocked traffic to international IP addresses at 11am yesterday.

It has now said the geoblocking tool failed, and yet there is no evidence of a DDOS attack on the Digital Attack Map.

Mr McCormack today said a router had become overloaded, although he did not say whether that was through millions of Australians logging on to fill in their census forms as requested, which should have been traffic that was expected, or an external attack.

Mr McCormack today blamed a “false positive” of an attack for the decision to shut down the servers.

Yet if there was a concern the census servers were attacked, why was the ABS still just describing it as a temporary outage much later in the evening?

Matthew Hackling, a cybersecurity expert, said on Twitter today that there was no evidence of a DDOS attack, with international data maps showing no suspicious activity in Australia in that time.

DATA EXPERT: ABS NOT PREPARED

Troy Hunt, one of the world’s foremost experts on data breaches, said the most likely explanation is that the ABS was just not prepared properly.

“The real question is did the ABS have what we would reasonably consider sufficient scale?” he said.

“Based on the attack maps we are seeing, it is unlikely that it was some sort of unprecedented scale. I think that the more likely explanation is that they just simply won’t prepared.

“This is probably not a large attack, it’s probably a smaller attack if it was an attack at all.”

Mr Hunt said there were questions to be answered about apparently conflicting messages coming out of the ABS, including the statement today that it had deliberately shut down the servers last night to protect data.

“You would think one of the first steps in taking it offline would be to let people know,” he said.

“Reputable DDOS attack maps have not shown any abnormal traffic in this period. There has also been speculation that the ABS was implementing geoblocking in so far as people outside of Australia could not access the site to fill in a form, which is always a bit of a flakey trace.

“Yet on the other hand the ABS is saying we’ve had attacks from overseas. It does appear a bit of mixed messaging.”

MIXED MESSAGES DON’T ADD UP

Mr Kalisch said the Census website was targeted by hackers four times yesterday in DDOS

(Distributed Denial of Service) attacks in which hackers flood a server with automated traffic.

In a DDOS attack, the information on the servers is typically not compromised.

An analogy is to consider your letter box. A hack would be like someone opening your letters and reading them, a DDOS attack is like someone flooding your letterbox with so many letters the postman can’t get to it.

No hacking group has yet claimed responsibility for the DDOS attack on the census, although several tweets in previous days to the hacking group Poodlecorp highlighted the census as a target and one tweet at 8.28pm last night claimed Poodlecorp had launched the attack.

The Census site was shut down as thousands around the country attempted to complete the survey. Picture: AAPSource:AAP

PRIVACY PROBE INTO CENSUS BUNGLE

Australian Privacy Commissioner Timothy Pilgrim this morning launched an investigation into the census fail and DDOS attacks.

“My first priority is to ensure that no personal information has been compromised as a result of these attacks,” Mr Pilgrim said.

The ABS statement today that it deliberately shut down the system contradicts a tweet it made last night at 7.50pm that “the online form and website are operating smoothly as expected”.

ABS chief statistician David Kalisch also told ABC radio that hackers had targeted the website.

“It was an attack,” he said. “It was quite clear it was malicious.”

After the fourth attack, just after 7:30pm, the ABS took the precaution of closing down the system to ensure the integrity of the data.

The ABS is now working with the Australian Signals Directorate to determine the source of the attack.

“The first three (attacks) causes minor disruption and we received more than two million forms, submitted and safely stored, at the ABS,” he told the ABC.

“We did then have a fourth attack just after 7.30pm.

“That’s probably when many people had finished their dinner and were sitting down to use the online Census form, where we had a fourth attack and we took the precaution of closing down the system.”

Mr Kalisch said all that was known about the fourth attack at this time was that it came from an “international source”.

He said third party technicians had identified a “gap” in the system following the fourth attack, which had since been closed.

WHO MAY BE TO BLAME?

Dr Nigel Stobbs, an expert in Chinese law at the Queensland University of Technology, was one of the many people this morning suggesting online that Chinese hackers were to blame in retaliation for Mack Horton’s sledging of Chinese swimmer Sun Yang as a “drug cheat”.

Every census form submitted 'smoothly and securely' last night presumably went directly to a Chinese swimming federation server.

But the frequency increased as the evening neared and many Australians trying to reach the census site after 7pm couldn’t connect.

It was at this point the ABS said it began the process of shutting down the site.

Mr Kalisch said he believed the details of people — including Prime Minister Malcolm Turnbull — who had managed to successfully access the site were secure.

“I can certainly reassure Australians the data they provided is safe,” he said.

An Australian technology company with expertise in software testing was paid nearly $500,000 to ensure the Census servers would not crash under the load.

News Corp Australia has contacted the Revolution IT CEO Jamie Duffield company seeking an explanation of how the Census servers crashed despite the testing.

Revolution IT has a testimony on its site from a “John Citizen, technical director of the ABS saying: “Revolution IT worked in a highly collaborative and well organised manner, and their subject knowledge, expertise and advice were key to achieve our project goals and objectives. We were impressed with how well they engaged with our e-Census solution provider (another private company).”

Tender documents show that IBM Australia built the Census platform for a cost of $9,606,725.

The Bureau then paid Revolution IT $325,000 in December last year for licenses for census load testing, plus a further contract in May this year of $90,000 for load testing the census servers and again in June they paid $54,367.50 for a further contract for load testing.

The census servers continue to be down this morning, nearly 12 hours after the servers crashed under the pressure of millions of Australians trying to complete the online form.

ABS & Census website are unavailable. The service won't be restored tonight. We will update you in AM. We apologise for the inconvenience.

Privacy expert Professor Matthew Rimmer, from Queensland University of Technology,

QUT privacy expert Professor Matthew Rimmer said the ABS had to take responsibility for the failure last night, calling the collapse of the census servers “an accident waiting to happen”.

“It deeply concerns me that the ABS census did not seem to be secure last night,” Professor Rimmer said.

One of the memes that flooded the internet after the ABS website went down last night. Picture: SuppliedSource:Supplied

“The whole management of the census was flawed and this is systematic of that.

“I’m sure the ABS would like to externalise the blame and say it’s not us it’s someone else, but ultimately given the claims that they were making about absolute privacy and security they do have to take responsibility for privacy and security for their method of delivery.

“Academics and experts have been complaining about these issues for months now where they have airily and arrogantly dismissed the concerns and the issues that we’ve been raising about their approach.

“I really question the wisdom of the claims by the ABS and the government that everything would be OK, that there would be absolute protection in relation to privacy and security when obviously they were painting a bullseye on their back making those sorts of claims,” he said.

“It underlines we need better privacy protection in an age of big data, cloud computing and hacking.

“Public confidence and trust and confidence has really been broken in relation to census. It highlights the absurdity of making threats that if people didn’t do the census they were going to be fined and punished.”

This morning, Australians took to Twitter to make fun of the government’s failure to build a website capable of withstanding a typical DDOS.

How to engineer the perfect DDoS attack? Send out letters to 16m households telling them to hit https://t.co/18C1W7Fbub on Tuesday evening